Free conversion of your data to Chinese by hackers

Posted by Stephen Richards on June 26, 2018

Free conversion of your data to Chinese – whether you want it or not!

As the US-China trade war heats up, a hacking group that had been largely dormant for two years has returned with a clear purpose. Named “Thrip” by analysts, the group has focused its attacks on US satellite companies and has been very specific about the data it is after.

Chinese hacking group resurfaces, targets U.S. satellite companies and systems

Alongside the usual toolbox and a raft of custom hacking tools, Thrip has made wide use of Trojans, including three in particular: “Infostealer.Catchamas”, “Trojan.Rikamanu” and “Trojan.Mycicil”.

Symantec, which broke the news of the attacks, explained that these tools let the attackers steal users' credentials, move laterally through networks they have already compromised and deploy additional backdoors.

By leveraging PsExec, a legitimate Windows administration tool, Thrip has made it harder to tell what the attackers are doing, because administrators struggle to distinguish legitimate use of the tool from malicious use. The practical consequence is that the tool itself is not the indicator: who runs it, from where, and against which hosts is what separates an admin's patching job from an intruder moving across the network.
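As an added illustration (not code from the original post or from Symantec's report), the following Python sketch shows the kind of baseline check a defender can run over Windows System log “service installed” events (Event ID 7045) to separate expected PsExec use from the unexpected kind. PsExec installs a service named PSEXESVC on the target by default, so the service name is the hook. The event records, account names, host names, allow-list and the two-host threshold are all constructed assumptions for the example.

```python
"""Separate expected PsExec use from unexpected use with a simple baseline.

Added example, not code from the original post or Symantec's report. The
events, account names, host names and allow-list below are constructed.
"""
import re
from collections import defaultdict

# Hypothetical baseline: accounts permitted to run PsExec and the hosts they
# are expected to touch (e.g. a patching account and its targets). In a real
# environment this would come from change records or a learned baseline.
APPROVED_PSEXEC = {
    "CORP\\svc_patch": {"FILESRV01", "WS-104"},
}

# Event ID 7045 (System log, "A service was installed") carries the service
# name in its message; PsExec installs a service called PSEXESVC by default.
PSEXEC_SERVICE = re.compile(r"Service Name:\s*PSEXESVC\b", re.IGNORECASE)


def is_psexec_install(event):
    """True for a 7045 event whose installed service is PsExec's default name."""
    return event["id"] == 7045 and PSEXEC_SERVICE.search(event["msg"]) is not None


def classify(events, approved=APPROVED_PSEXEC, spread_threshold=2):
    """Return (host, user, reason) alerts for PsExec use outside the baseline.

    spread_threshold: number of distinct non-approved hosts one account has
    to install PSEXESVC on before it is also flagged as a lateral-movement
    pattern (an arbitrary, assumed value for the example).
    """
    alerts = []
    unexpected_hosts = defaultdict(set)
    for ev in events:
        if not is_psexec_install(ev):
            continue
        user, host = ev["user"], ev["host"]
        if host in approved.get(user, set()):
            continue  # expected admin activity, no alert
        unexpected_hosts[user].add(host)
        alerts.append((host, user, "psexec_outside_baseline"))
    # One account planting PSEXESVC on several unexpected hosts looks like the
    # lateral movement the post describes rather than a one-off admin task.
    for user, hosts in unexpected_hosts.items():
        if len(hosts) >= spread_threshold:
            alerts.append(("*", user, "psexec_lateral_movement"))
    return alerts


# Constructed sample events: id, host the event was logged on, account that
# installed the service, and the start of the event message.
SAMPLE_EVENTS = [
    {"id": 7045, "host": "FILESRV01", "user": "CORP\\svc_patch",
     "msg": "Service Name: PSEXESVC Service File Name: %SystemRoot%\\PSEXESVC.exe"},
    {"id": 7045, "host": "WS-104", "user": "CORP\\svc_patch",
     "msg": "Service Name: PSEXESVC Service File Name: %SystemRoot%\\PSEXESVC.exe"},
    {"id": 7045, "host": "DC01", "user": "CORP\\jdoe",
     "msg": "Service Name: PSEXESVC Service File Name: %SystemRoot%\\PSEXESVC.exe"},
    {"id": 7045, "host": "GND-STATION-02", "user": "CORP\\jdoe",
     "msg": "Service Name: PSEXESVC Service File Name: %SystemRoot%\\PSEXESVC.exe"},
    {"id": 7045, "host": "WS-201", "user": "CORP\\jdoe",
     "msg": "Service Name: Spooler Service File Name: %SystemRoot%\\System32\\spoolsv.exe"},
    {"id": 4624, "host": "DC01", "user": "CORP\\jdoe",
     "msg": "An account was successfully logged on. Logon Type: 3"},
]

if __name__ == "__main__":
    for host, user, reason in classify(SAMPLE_EVENTS):
        print(f"{reason:26} user={user} host={host}")
```

Run against the constructed events, the patching account's two installs are silent, while the same account installing PSEXESVC on a domain controller and a ground-station host produces two baseline alerts and one lateral-movement alert. Treat this as one signal among several: PsExec's -r switch lets an operator rename the service, and a group with its own custom tooling will not necessarily show up under the PSEXESVC name at all, so pair it with alerts on network (type 3) logons from unexpected sources and on new services whose binary sits directly under %SystemRoot% rather than in a vendor directory.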

A Chinese hacking group broke into a national data centre in Mongolia

In another Chinese hacking attack, Kaspersky reported that a national data centre in Mongolia was attacked last year, and explained how it was done.

It appears that watering-hole attacks combined with spear-phishing emails led to the breach. After gaining access to individual accounts, the attackers used that foothold to obtain further access to, and control over, the infrastructure. Large nation states have the resources to render the cybersecurity defences of smaller countries ineffective: they can throw money and people at a chosen target, and they can draw on a far larger population from which to select hackers and would-be hackers for training.

The attack originally started in October last year but was not discovered until March 2018. The group is known by a number of names in the cyber-security community, including APT27, IronPanda, LuckyMouse and Emissary Panda.

APT27 is known to focus frequently on US defence contractors and has been tied both to government espionage and to financial crime; there appear to be cases where its members have taken money for themselves as well as working for their government sponsors.

Kaspersky freezes partnership with Europol after EU calls for company ban

And whilst we have pointed out above that Kaspersky has brought some really important breaches to light, the EU is following the US government's ban on Kaspersky because of fears of Russian state data gathering and potential malicious use of the AV company's software.

Kaspersky has offered the US access to its source code and made several other offers to demonstrate its independence, but the US has snubbed the offer (no surprise there with the current leadership). Perhaps the EU will receive a similar offer and take it up.

“A lot of these hacking attacks have not been revealed to the South Korean public, but today I confess to you that it’s been very prevalent,” Choi said.

After the North-South summit in April, “I thought that perhaps the cyber attacks would come to a stop,” Choi said. “But they never actually did.”

Choi traced the trajectory of the North’s hacking army, from the fledgling days of its creation and cultivation under Kim Jong-il in the early 2000s to its current state, boasting teams worldwide.

In the past few years, Choi said, Pyongyang has netted significant espionage victories through various digital operations. For example, in 2017, hackers breached the South Korean defence ministry’s computer network and discovered joint U.S.-South Korean war plans.

“We really don’t have enough firepower to counteract or provide penalties for these attackers,” Lim said.

How Watchman IT Security can help protect your data

After an informal chat we can help you decide on the best plan of action to bolster your security. Options include:

IT Security Assessments

IT Security Training for staff

Phishing Training using simulated attacks with measured results

Assistance with Cyber Essentials

Many other choices are available, but it all starts with an informal chat after you contact us. Please use the popup chat/email box to contact us.